Slack Connection Error

Question

Slack Connection Error

unl1k3ly opened this issue 5 years ago · comments

Hi,

I tried to connect notification through slack, but I've been getting this error:

Error: missing_scope
    at exec (/home/ubuntu/bXSS/node_modules/slack/src/_exec.js:11:15)
    at Object._execWithToken (/home/ubuntu/bXSS/node_modules/slack/src/_factory.js:31:16)
    at Object.exports.send (/home/ubuntu/bXSS/server/utilities/services/slack.js:14:16)
    at reporters.forEach.svc (/home/ubuntu/bXSS/server/controllers/xss.js:21:32)
    at Array.forEach (<anonymous>)
    at reportToUtilities (/home/ubuntu/bXSS/server/controllers/xss.js:21:13)
    at exports.capture (/home/ubuntu/bXSS/server/controllers/xss.js:56:3)
    at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
    at /home/ubuntu/bXSS/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:335:12)
    at next (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:275:10)
    at urlencodedParser (/home/ubuntu/bXSS/node_modules/body-parser/lib/types/urlencoded.js:91:7)
    at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)

All required is the Slack Bot API + #channel in the config file ?

Cherrs

Lewis · Answer 1 · Fri Jun 07 2019 05:24:08 GMT+0800 (China Standard Time)

Yes,

Example:

config.slack.token = process.env.slackToken || 'xoxb-token-token';
config.slack.channel = process.env.slackChannel || 'general';

unl1k3ly · Answer 2 · Fri Jun 07 2019 06:33:12 GMT+0800 (China Standard Time)

That's what I have into mine config... I'm not getting notifications :( same error as above. Am I missing something? By the way awesome project!

…

On Fri., 7 Jun. 2019, 7:24 am Lewis, ***@***.***> wrote: Yes, Example: config.slack.token = process.env.slackToken || 'xoxb-token-token'; config.slack.channel = process.env.slackChannel || 'general'; — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#28?email_source=notifications&email_token=ABSN3MQKLHA5ZFWIBQK23M3PZF57TA5CNFSM4HVCLQWKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXEGQNY#issuecomment-499673143>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABSN3MQ4CYYYSNIKABRSOODPZF57TANCNFSM4HVCLQWA> .

unl1k3ly · Answer 3 · Fri Jun 07 2019 07:39:57 GMT+0800 (China Standard Time)

I'm getting:

Error: missing_scope
    at exec (/home/ubuntu/bXSS/node_modules/slack/src/_exec.js:11:15)
    at Object._execWithToken (/home/ubuntu/bXSS/node_modules/slack/src/_factory.js:31:16)
    at Object.exports.send (/home/ubuntu/bXSS/server/utilities/services/slack.js:14:16)
    at reporters.forEach.svc (/home/ubuntu/bXSS/server/controllers/xss.js:21:32)
    at Array.forEach (<anonymous>)
    at reportToUtilities (/home/ubuntu/bXSS/server/controllers/xss.js:21:13)
    at exports.capture (/home/ubuntu/bXSS/server/controllers/xss.js:56:3)
    at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/home/ubuntu/bXSS/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)
    at /home/ubuntu/bXSS/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:335:12)
    at next (/home/ubuntu/bXSS/node_modules/express/lib/router/index.js:275:10)
    at urlencodedParser (/home/ubuntu/bXSS/node_modules/body-parser/lib/types/urlencoded.js:91:7)
    at Layer.handle [as handle_request] (/home/ubuntu/bXSS/node_modules/express/lib/router/layer.js:95:5)

Maybe would be better is rather than take a token, we phrase an incoming hook url ? That would be easier to implement isn't ?

Lewis · Answer 4 · Sat Jun 08 2019 01:31:20 GMT+0800 (China Standard Time)

Let me investigate.

Lewis · Answer 5 · Sat Jun 08 2019 01:43:13 GMT+0800 (China Standard Time)

Its giving you a warning about scope, which means you didn't give it the correct permissions.

https://api.slack.com/scopes/chat:write
https://api.slack.com/scopes/channels:read

Slack permissions required channels:read and chat:write

Lewis · Answer 6 · Sat Jun 08 2019 01:44:18 GMT+0800 (China Standard Time)

It looks like this is a legacy way of doing it now, so maybe i need to re-write that part of the application.

unl1k3ly · Answer 7 · Sat Jun 08 2019 08:34:21 GMT+0800 (China Standard Time)

Okay! Ive figg it out what was causing the issue... it turns out i needed private:channel permission since the bot was in a private channel. Problem solved!

Mate, perhaps, we can try to use some ideas of https://github.com/mazen160/xless. bxss is missing some data as well as screenshot module.

Its a awesome project as i said! Well done.

Cheers

Lewis · Answer 8 · Sat Jun 08 2019 08:40:45 GMT+0800 (China Standard Time)

I see, glad you were able to resolve it.

Those improvements are in the pipeline of issues that have been created to in attempts to make this a great project.

I have been pretty busy recently, but trying to get motivation to finish outstanding work on payload generation, then i will move to refactoring the XSS payload itself